Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,458 vulnerabilities with CWE-94

CVE-2026-39087 CRITICAL

ntfy < 2.22.0 - Server-Side Request Forgery

CVE-2026-39440 CRITICAL

WordPress FunnelFormsPro plugin <= 3.8.1 - Remote Code Execution (RCE) vulnerability

CVE-2026-3960 CRITICAL

Remote Code Execution in h2oai/h2o-3

CVE-2026-41229 CRITICAL

Froxlor <2.3.6 MysqlServer API - PHP Code Injection

CVE-2026-41196 CRITICAL

Luanti 5.0.0-5.15.1 LuaJIT Mod Sandbox - Sandbox Escape

CVE-2026-41134 HIGH

Kiota: Code Generation Literal Injection

CVE-2026-33608 HIGH

Incomplete domain name sanitization during

CVE-2026-40911 CRITICAL

WWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript Execution via Client-Side eval() Sinks

CVE-2026-6745 LOW

Bagisto Custom Scripts cross site scripting

CVE-2026-40602 MEDIUM

hass-cli: Handling of user-supplied Jinja2 templates

CVE-2026-6743 LOW

WebSystems WebTOTUM Calendar cross site scripting

CVE-2026-31018 HIGH

Dolibarr ERP & CRM <=22.0.4 - Code Injection

CVE-2026-32613 CRITICAL

Spinnaker vulnerable to RCE via expression parsing due to unrestricted context handling

CVE-2026-6652 MEDIUM

Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection

CVE-2026-6651 LOW

erponline.xyz ERP Online Inventory Edit Item cross site scripting

CVE-2026-39918 CRITICAL

Vvveb < 1.0.8.1 Code Injection via Installation Endpoint

CVE-2026-5760 CRITICAL

SGLang - Remote Code Execution via Malicious Tokenizer Chat Template

CVE-2026-6648 LOW

Qibo CMS Internal Message cross site scripting

CVE-2026-6633 LOW

Yifang CMS Extended Management L_rbac_admin.php store cross site scripting

CVE-2026-6624 LOW

BichitroGan ISP Billing Software Pool List add cross site scripting

CVE-2026-6623 LOW

BichitroGan ISP Billing Software Profile users-view cross site scripting

CVE-2026-6622 LOW

BichitroGan ISP Billing Software Customer edit cross site scripting

CVE-2026-6621 HIGH

1024bit extend-deep index.js prototype pollution

CVE-2026-6619 LOW

langgenius dify ImagePreview image-preview.tsx openInNewTab cross site scripting

CVE-2026-41282 MEDIUM

ProjectDiscovery Nuclei <3.8.0 - DSL Injection

Previous Page 13 of 259 Next

Details

Vulnerabilities 6,458

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy